Re: [OAUTH-WG] updated Distributed OAuth ID

Dick Hardt <dick.hardt@gmail.com> Thu, 19 July 2018 13:47 UTC

From: Dick Hardt <dick.hardt@gmail.com>
Date: Thu, 19 Jul 2018 09:46:57 -0400
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Cc: oauth@ietf.org
In-Reply-To: <3A81E7C4-5FE1-448A-BB3D-540D30BF2637@lodderstedt.net>
Message-ID: <CAD9ie-s2nwXovWM3OfDG8MJvs+TVzX_KearbW1Uq_6Nz9X_5mg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Pt613IYZn8kcpcAp-CliyDfkVP8>

On Thu, Jul 19, 2018 at 8:51 AM, Torsten Lodderstedt <
torsten@lodderstedt.net> wrote:

> Hi Dick,
>
>> Section 3:
>> Don’t you think it could be useful information to have the resource URI
>> available in the authorization flow? I would assume it could have some
>> additional meaning to the AS and could also be the context of the scope.
>
> I'm assuming you are referring to the Authorization Code Grant. Good call
> out that the resource URI would be useful in the redirect.
>
> The use cases that I have been working with have all been Client
> Credential Grants.
>
> I currently don't know of a real world use case for the Authorization Code
> Grant for Distributed OAuth.
>
> I think any scenario with multiple resource servers relying on the same AS
> for authorization where the client acts on behalf of the resource owner
> qualifies for grant type code and distributed OAuth.
>
> Let’s assume a user wants to authorize a client for access to her cloud
> storage, email account and contacts when setting up the respective app.

Would you walk me through the user experience that happened for the client
to do discovery on these three resources? In other words, what did the user
do to get the client to call the resource and get back the 401 response?

/Dick
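The discovery step the thread is circling around (client calls the resource, gets a 401, learns where the AS is, and then carries the resource URI into the authorization request as Torsten suggests), as an added example that is not from this thread or from the Distributed OAuth draft. The challenge parameter names `as_uri` and `resource_uri`, the `resource` request parameter, the `/authorize` endpoint path and the sample 401 response are all assumptions made for this example; a real client would read the AS metadata document instead of guessing the endpoint.

```python
"""Client-side model of Distributed OAuth discovery via a 401 challenge.

Added example, not code from the mailing-list thread or the draft.
Assumed: the challenge carries as_uri and resource_uri, and the client
passes the discovered resource URI as a `resource` parameter to the AS.
"""
import re
from urllib.parse import urlencode, urlsplit

# Constructed sample of what a resource server might return to an
# unauthenticated call (assumed header layout, not taken from the draft).
SAMPLE_401 = {
    "status": 401,
    "headers": {
        "WWW-Authenticate": (
            'Bearer realm="storage", as_uri="https://as.example.com", '
            'resource_uri="https://storage.example.com/files"'
        )
    },
}

# key=value pairs, value either a quoted string (with \" escapes) or a token
_PARAM_RE = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_challenge(header):
    """Split a WWW-Authenticate value into (scheme, {param: value})."""
    scheme, _, rest = header.strip().partition(" ")
    params = {}
    for m in _PARAM_RE.finditer(rest):
        key = m.group(1).lower()
        if m.group(2) is not None:
            params[key] = m.group(2).replace('\\"', '"')
        else:
            params[key] = m.group(3)
    return scheme, params


def discover(called_url, response):
    """Extract AS and resource URIs from a 401, or raise ValueError.

    Sanity checks a client should do before trusting the challenge: the
    scheme is Bearer, both URIs are https, and the advertised resource_uri
    actually covers the URL that was called, so a server cannot hand the
    client a challenge for some other resource.
    """
    if response["status"] != 401:
        raise ValueError("not a 401 response")
    header = response["headers"].get("WWW-Authenticate")
    if header is None:
        raise ValueError("401 without a WWW-Authenticate challenge")
    scheme, params = parse_challenge(header)
    if scheme.lower() != "bearer":
        raise ValueError(f"unsupported challenge scheme {scheme!r}")
    for key in ("as_uri", "resource_uri"):
        if key not in params:
            raise ValueError(f"challenge is missing {key}")
        if urlsplit(params[key]).scheme != "https":
            raise ValueError(f"{key} must be an https URI")
    resource = params["resource_uri"].rstrip("/")
    if called_url != resource and not called_url.startswith(resource + "/"):
        raise ValueError("resource_uri does not cover the URL that was called")
    return {
        "as_uri": params["as_uri"],
        "resource_uri": params["resource_uri"],
        "realm": params.get("realm"),
    }


def authorization_request(discovery, client_id, redirect_uri, scope, state):
    """Build the authorization-code request URL, carrying the resource URI.

    Assumption: the authorization endpoint is <as_uri>/authorize and the
    resource is conveyed in a `resource` query parameter.
    """
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "resource": discovery["resource_uri"],
    })
    return discovery["as_uri"].rstrip("/") + "/authorize?" + query


if __name__ == "__main__":
    info = discover("https://storage.example.com/files/report.pdf", SAMPLE_401)
    print(authorization_request(info, "app123", "https://app.example/cb",
                                "read", "state-xyz"))
```

The prefix check in `discover` is the part worth keeping even if the parameter names change: the user only ever pointed the client at one URL, so anything the 401 claims about the resource has to be consistent with that URL before the client starts an authorization flow on the strength of it.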